Vulnerability Name:

CVE-2005-2456 (CCN-21710)

Assigned:2005-07-25
Published:2005-07-25
Updated:2018-10-19
Summary:Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-2456

Source: CCN
Type: RHSA-2005-514
Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2

Source: CCN
Type: RHSA-2005-663
Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6

Source: CCN
Type: SA16298
Linux Kernel xfrm Array Indexing Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
16298

Source: SECUNIA
Type: UNKNOWN
16500

Source: SECUNIA
Type: UNKNOWN
17002

Source: SECUNIA
Type: UNKNOWN
17073

Source: SECUNIA
Type: UNKNOWN
17826

Source: SECUNIA
Type: UNKNOWN
18056

Source: SECUNIA
Type: UNKNOWN
18059

Source: DEBIAN
Type: UNKNOWN
DSA-921

Source: DEBIAN
Type: UNKNOWN
DSA-922

Source: DEBIAN
Type: DSA-921
kernel-source-2.4.27 -- several vulnerabilities

Source: DEBIAN
Type: DSA-922
kernel-source-2.6.8 -- several vulnerabilities

Source: CCN
Type: The The Linux Kernel Archives Web page
The Linux Kernel Archives

Source: CONFIRM
Type: Patch
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c

Source: CONFIRM
Type: Patch
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84

Source: CCN
Type: The Mail Archive Web site
possible overflow of sock->sk_policy

Source: MISC
Type: Patch
http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:219

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:220

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:050

Source: REDHAT
Type: UNKNOWN
RHSA-2005:514

Source: REDHAT
Type: UNKNOWN
RHSA-2005:663

Source: FEDORA
Type: UNKNOWN
FLSA:157459-3

Source: BID
Type: UNKNOWN
14477

Source: CCN
Type: BID-14477
Linux Kernel XFRM Array Index Buffer Overflow Vulnerability

Source: CCN
Type: USN-169-1
Linux kernel vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-1878

Source: XF
Type: UNKNOWN
linux-kernel-xfrm-dos(21710)

Source: XF
Type: UNKNOWN
linux-kernel-xfrm-dos(21710)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10858

Source: UBUNTU
Type: UNKNOWN
USN-169-1

Source: SUSE
Type: SUSE-SA:2005:050
kernel: denial of service local privilege escalation

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.13:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.13:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.13:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.10:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.10:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.22:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.10:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20052456
    V
    		CVE-2005-2456
    2015-11-16
    oval:org.mitre.oval:def:10858
    V
    		Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p-dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock-sk_policy array.
    2013-04-29
    oval:org.debian:def:921
    V
    		several vulnerabilities
    2005-12-14
    oval:org.debian:def:922
    V
    		several vulnerabilities
    2005-12-14
    oval:com.redhat.rhsa:def:20050514
    P
    		RHSA-2005:514: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2 (Important)
    2005-10-05
    oval:com.redhat.rhsa:def:20050663
    P
    		RHSA-2005:663: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6 (Important)
    2005-09-28
    BACK
    linux linux kernel 2.6.0
    linux linux kernel 2.6.6 rc1
    linux linux kernel 2.6.11 rc1
    linux linux kernel 2.6.2
    linux linux kernel 2.6.0 test9
    linux linux kernel 2.6.0 test8
    linux linux kernel 2.6.0 test7
    linux linux kernel 2.6.0 test6
    linux linux kernel 2.6.0 test5
    linux linux kernel 2.6.0 test4
    linux linux kernel 2.6.0 test3
    linux linux kernel 2.6.0 test2
    linux linux kernel 2.6.0 test11
    linux linux kernel 2.6.0 test10
    linux linux kernel 2.6.0 test1
    linux linux kernel 2.6.9 rc4
    linux linux kernel 2.6.9 rc3
    linux linux kernel 2.6.9 rc2
    linux linux kernel 2.6.9 rc1
    linux linux kernel 2.6.8 rc4
    linux linux kernel 2.6.8 rc3
    linux linux kernel 2.6.8 rc2
    linux linux kernel 2.6.8 rc1
    linux linux kernel 2.6.7 rc3
    linux linux kernel 2.6.7 rc2
    linux linux kernel 2.6.7 rc1
    linux linux kernel 2.6.6 rc3
    linux linux kernel 2.6.6 rc2
    linux linux kernel 2.6.5 rc3
    linux linux kernel 2.6.5 rc2
    linux linux kernel 2.6.5 rc1
    linux linux kernel 2.6.4 rc3
    linux linux kernel 2.6.4 rc2
    linux linux kernel 2.6.4 rc1
    linux linux kernel 2.6.3 rc4
    linux linux kernel 2.6.3 rc3
    linux linux kernel 2.6.3 rc2
    linux linux kernel 2.6.2 rc3
    linux linux kernel 2.6.2 rc2
    linux linux kernel 2.6.2 rc1
    linux linux kernel 2.6.1 rc3
    linux linux kernel 2.6.1 rc2
    linux linux kernel 2.6.1 rc1
    linux linux kernel 2.6.13 rc3
    linux linux kernel 2.6.13 rc2
    linux linux kernel 2.6.13 rc1
    linux linux kernel 2.6.12 rc6
    linux linux kernel 2.6.12 rc5
    linux linux kernel 2.6.12 rc4
    linux linux kernel 2.6.12 rc3
    linux linux kernel 2.6.12 rc2
    linux linux kernel 2.6.12 rc1
    linux linux kernel 2.6.11 rc5
    linux linux kernel 2.6.11 rc4
    linux linux kernel 2.6.11 rc3
    linux linux kernel 2.6.11 rc2
    linux linux kernel 2.6.10 rc3
    linux linux kernel 2.6.10 rc2
    linux linux kernel 2.6.10 rc1
    linux linux kernel 2.6.12.12
    linux linux kernel 2.6.12.22
    linux linux kernel 2.6.3 rc1
    linux linux kernel 2.6.0
    linux linux kernel 2.6.1
    linux linux kernel 2.6.10
    linux linux kernel 2.6.11
    linux linux kernel 2.6.11.1
    linux linux kernel 2.6.11.10
    linux linux kernel 2.6.11.11
    linux linux kernel 2.6.11.12
    linux linux kernel 2.6.11.2
    linux linux kernel 2.6.11.3
    linux linux kernel 2.6.11.4
    linux linux kernel 2.6.11.5
    linux linux kernel 2.6.11.6
    linux linux kernel 2.6.11.7
    linux linux kernel 2.6.11.8
    linux linux kernel 2.6.11.9
    linux linux kernel 2.6.12
    linux linux kernel 2.6.12.1
    linux linux kernel 2.6.12.2
    linux linux kernel 2.6.12.3
    linux linux kernel 2.6.12.4
    linux linux kernel 2.6.12.5
    linux linux kernel 2.6.12.6
    linux linux kernel 2.6.3
    linux linux kernel 2.6.4
    linux linux kernel 2.6.5
    linux linux kernel 2.6.6
    linux linux kernel 2.6.7
    linux linux kernel 2.6.8
    linux linux kernel 2.6.8.1
    linux linux kernel 2.6.9
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    suse linux enterprise server 9
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3